Netgate pfSense Reviews

I have three firewalls running my entire county and 11 smaller versions of the firewalls doing OpenVPN tunnels to my remote sites through StarLink. 

PfSense has been highly flexible, and it's worked out great for us for the most part. The Plus version has support, which we will pay for since it is our edge firewall. I have not had an issue with adding features.

We're doing a lot of OpenVPN tunnels, and some of the fields in the OpenVPN setup on the server side do not lend themselves to multiple sites. It's kind of ugly. It's a big list of allowed IP addresses. I'd much rather see that via the table individually. 

The individual firewalls have a single pane of glass view, but we have so many of them. You need to log into each to manage them.

 I'm officially about two years into using pfSense and one year in production.

I have not had any crashes happen. 

Overall, I've been happy with these firewalls.

I rate Netgate support eight out of 10. They were highly responsive. It was strictly email support. I didn't buy phone support.

We were running a Sophos firewall as the edge router of everything we did, and it wasn't meeting our expectations. I've used Cisco firewalls for most of my career. The Sophos firewall was underpowered and overburdened. It was constantly causing issues, such as filling up the logs and crashing the firewall in the middle of the day. I have not had that issue with the pfSense.

It was harder to order them than it was to deploy them. As a county government, we ran into purchasing issues, but we ultimately managed to make it happen. It took us about three months to deploy all of them. After deployment, you need to update the firewall codes and back it up. That's pretty typical.

PfSense was quite a bit less expensive than some other alternatives, and it's worked as well as we could hope. We have three 1500s and 11 of the 4100s. The total cost of ownership has been pretty beneficial.

We looked at some other options. I'm a Cisco guy, but pfSense firewalls provide more bang for your buck. 

I rate Netgate pfSense eight out of 10. 

We have a tiny business that uses pfSense to create a secure VPN between our two locations. 

It's a reliable platform. We also value pfSense's security features because we have to comply with PCI for credit card payments. We need to be confident that we'll have the security. PfSense offers that.

We realized the benefits of pfSense almost immediately. I read about a company using it and thought it would be the most secure thing. It's a bit daunting at first because you have to configure it. However, they create ISP versions, so you can leave those alone and not configure them. This does the whole thing in one box, whereas, with the ISP thing, you have to think about how many different appliances you'll need to make it work.

I like how easy it is to access VPNs and stuff like that. It's so simple to set up a site-to-site VPN. The solution is flexible enough to do just about anything.  It's super easy to configure the features as long as you have the details you need, or you can build out stuff if it lacks what you're after because it has a plugin architecture.

It depends on how you run it, but pfSense can help you prevent data loss. Still, it's more about preventing people from getting in and having the confidence that you won't be compromised. And if you need those extra features, you can always add them and all those things that can monitor what's happening in your website or organization.

The web interface allows you to see bandwidth, how things connect, and much more. PfSense Plus prevents downtime. It has a feature that records everything you do so that if a unit fails, you can swap it out and enter your details, and then it loads your configuration on a new device. PeerSpot Plus provides visibility that enables data-driven decisions. You can set it up to do that if you want it. 

They could always make pfSense slightly more user-friendly and modernize the interface a little. 

I have used pfSense since 2015, so it's been around nine years.

I've never seen pfSense crash.

It's at the scale that I need it, but you can certainly scale it up to the enterprise level if you want to have a better product. It depends on the hardware. 

I rate Netgate support 10 out of 10. I only contacted them once. It was very quick and efficient. I had a sensible solution within five minutes. I couldn't imagine having better support.

Positive

I used some Netgear hardware, but I don't remember the model because it was eight years ago. When I switched to pfSense, I stuck with it because it works reliably. 

Deploying pfSense was pretty easy. I'm an IT guy, so I did it myself. After deployment, you need to do some routine maintenance, like upgrading occasionally and checking your file logs. Apart from that, it does everything for you.

They have a free community version and a paid version. The free version works if you are a home user who needs a fixed cost, but that's not my use case. 

I rate Netgate pfSense 10 out of 10. I can't think of a way to make it better. Before deploying pfSense, prepare your area and your network. Understand your entire network and what you want to do before you start doing anything then follow the documentation. 

I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities. 

The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.

My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM. 

It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details. 

I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.

One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.

I have used pfSense for nearly a decade.

I rate pfSense 10 out of 10 for reliability. 

pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it. 

I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply. 

Positive

I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules. 

The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality. 

I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc. 

One of our clients operates multiple branches, and we've implemented a solution involving feature and IP address tunnels connecting these branches. The main branch serves as the hub, housing the Central PBX and providing services to the other branches.

We use pfSense to handle VPN connections, extending to remote workers in our various branches as well.

The feature I find most valuable for fulfilling network security requirements is pfBlockerNG. It offers exceptional visibility and filtering capabilities, without the need for dedicated hardware or recurring expenses. Unlike other solutions, pfBlockerNG operates seamlessly and continuously without additional costs or maintenance concerns.

The traffic shaping and bandwidth management features of pfSense significantly enhance our network performance. The inclusion of a QoS wizard simplifies the process, eliminating the complexity often associated with configuring QoS on other platforms like Cisco routers. With pfSense, utilizing the wizard streamlines the setup process, making it accessible and effective for users without requiring an advanced understanding of networking intricacies.

There have been specific incidents where the reporting and monitoring tools of pfSense played a crucial role in identifying and resolving network issues. In one instance, we received complaints about internet connectivity problems affecting productivity across the business. Upon investigation, I discovered that the issue stemmed from excessive bandwidth consumption caused by multiple HD camera streams being watched simultaneously. Utilizing pfSense's reporting and monitoring tools, I quickly pinpointed the source of the problem and implemented measures to alleviate the network congestion. These tools are invaluable for identifying resource-intensive processes and resolving performance issues effectively.

The process of integrating pfSense with other tools and services has proven to be quite straightforward thus far. While there may be a slight learning curve at the outset, particularly for those less familiar with networking concepts, it becomes manageable with experience.

The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box. This capability simplifies troubleshooting, as it allows for faster identification of DNS discrepancies or any other issues compared to proprietary systems. With pfSense, network configurations adhere to standard practices, facilitating troubleshooting without the need for complex overlays or policies. The interface, prioritizes network principles, making it intuitive for those familiar with networking concepts to navigate and achieve desired outcomes efficiently.

It lacks a solution for SD-WAN integration. I believe improving integration with various antivirus vendors could be beneficial. Partnering with trusted antivirus providers such as Bitdefender or Sophos as an add-on feature could enhance the antivirus capabilities of pfSense. Incorporating a centralized management console for easier administration would be a valuable addition.

I have been working with it for over five years.

The stability of pfSense is exceptional. I've only encountered one instance of hardware failure, which was due to an electrical issue. Otherwise, all other deployments have been reliable. I would rate it nine out of ten.

The scalability of pfSense is impressive. I've witnessed its capabilities firsthand, especially when it was deployed in environments supporting up to seven thousand employees. I would rate it nine out of ten. Currently, pfSense is our top recommendation for clients, tailored to their budget and specific requirements. Depending on the client's needs, such as compliance with PCI or HIPAA regulations, we may suggest models that offer corresponding features and evaluations of network security. This flexibility allows us to cater to clients with varying compliance needs, ensuring they receive suitable recommendations.

In terms of technical support, I primarily rely on the forums whenever I have a question or need technical information. I've found that the answers I seek are often readily available there. While pfSense does offer paid support packages, I haven't had the opportunity to utilize them yet.

The main difference between Fortinet and pfSense lies in their integration with different vendors. While pfSense offers integration with multiple commercial antivirus solutions, Fortinet primarily provides its own antivirus offering. However, the effectiveness of the antivirus provided by pfSense may not be as high as some other options available in the market. In terms of cost, pfSense offers a one-time payment for cloud services, providing continuous service without ongoing fees. On the other hand, Fortinet's pricing structure may seem appealing initially, but if you wait until close to the license expiration date, the renewal cost significantly increases, which could result in unexpectedly high expenses.

The initial setup was straightforward.

To set up pfSense, you start by configuring firewall rules to allow the necessary traffic. Once that's done, you can explore and download additional security packages from the package manager to enhance your environment's security. The initial setup is quick, typically taking around ten minutes for a basic configuration. However, if you're integrating features like pfBlockerNG, it may take a bit longer as you need to ensure you're not inadvertently blocking any essential services. Despite this, the task can be managed by a single person, such as an IT manager.

Maintenance tasks, such as checking logs and ensuring updates are running smoothly, are typically handled by two designated individuals. They connect to the firewall periodically to perform these checks. While we do have a management console, it's not fully integrated with the pfSense Manager (PSM) solution. Having a dedicated management console that allows remote management of all wireless devices would be ideal, as it would streamline the process of making changes across multiple devices.

The price point is highly competitive. The cost varies depending on the license type, such as licenses for eight to five support or twenty-four seven support. Opting for twenty-four-seven support significantly increases the price, reaching around ten thousand to thirteen hundred dollars. I would rate it four out of ten.

Overall, I would rate it nine out of ten.

We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.

We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.

It's open-source and everything is available to me without having to pay subscription fees. 

The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.

The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.

It's significantly easier than expected to configure the solution and simple to handle add-ons.

pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.

We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult. 

We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.

The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.

We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers. 

I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now. 

I've used the solution personally for about two years. My company has been using it for about eight years now.

The stability is very good. 

We have two locations. I have yet to uncover any scalability limitations. 

Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get. 

Positive

I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.

The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours. 

There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it. 

90% of the setup was handled in-house; I referred to NetGate support for a few items along the way. 

We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price. 

We would have paid another $7,000/year for subscription fees if we went anywhere else.

I'd recommend the solution to others. I'd rate it ten out of ten.

I use the solution in my home. It's my firewall, DNS server, DHCP server, intrusion detection server, and reverse proxy server.

The solution's web interface is very feature-rich and well-supported. There's a large community of users out there you can get to. There are many things that I'm not using at the time. It's got great support for VPNs. One of the ways that I'm using it is for VPN support as well. Netgate pfSense is a great product.

Netgate pfSense is an extremely flexible solution.

You'll see the benefits of Netgate pfSense immediately after you deploy it. The more features you use, the more benefits you get from it. I'm using the tool for VLAN support. That was something I implemented first, and it completely changed the way I was using my network. That was a real game-changer because it provided greatly enhanced security for my network and reduced the complexity of my network.

The firewall, the intrusion detection service, the VPN support, and VLAN support keep me from getting hacked and possibly having problems with ransomware and potential data loss.

pfSense Plus provides features that help us minimize downtime. You can create copies of different environments that you set up. If you want to try a setting but want to be protected from loss and downtime, you can create a copy of your current working environment.

You should try adding the new change to your pfSense configuration. If that doesn't work, you can easily go back to the working configuration with just a simple change from within the web interface. It also does automatic backups of its configuration.

The visibility of pfSense Plus helps us optimize performance. You can overcome latency issues through traffic shaping. I previously had buffer bloat issues, which I don't have currently.

If you have a slower connection, you can use traffic shaping limiters and priority queues to ensure that your VoIP traffic, internet TV traffic, or streaming traffic has enough guaranteed bandwidth. In my case, my broadband connection is wide enough, and I do not have to really use those features.

The cost of ownership of Netgate pfSense with the hardware cost was about $ 350.

It would be nice for the code optimization to run on even slower processes. It's optimized quite a bit, but there's always room for improvement.

I have been using Netgate pfSense for two years.

We haven’t faced any issues with the solution’s stability.

From my point of view, the solution's initial setup is pretty easy. Many YouTube videos are out there to help you get it up and running. There's a lot to try, a lot of things to do, and a lot of technology to play with, but I'm afraid I'm a bit of a tinkerer. To do what I initially wanted, I probably spent a day.

I would like to see the solution's price reduced.

There is some complexity to adding features to pfSense and configuring them. I would not say it's extremely complex, but it's got a high degree of complexity.

The website is all you need to configure Netgate pfSense. If you choose to, you can use its SSH terminal interface, but that's not something that most users would do. I would think they would stick with its fully developed, mature web interface.

The solution by itself does not need any maintenance. However, if you use the incursion detection plugins, you need to make sure that those are tuned properly. That involves periodic checks and possible adjustments. New users should be prepared to learn, read the manual, and utilize YouTube resources. It'll be worth it.

Overall, I rate the solution ten out of ten.

I USE Netgate pfSense for home networks, lab environments, and R&D. In production, professional career-wise, I have built pfSense production firewalls that run in various configurations and high availability for different organizations serving a different number of clients and servicing any amount of requests throughout any given day. 

It also serves thousands to tens of millions of requests a second a day from small to large deployments.

Netgate pfSense is an extremely flexible solution. It is an open-source tool that has a very large community of professionals, enthusiasts, and hobbyists alike. There is a lot of flexibility in doing whatever you want with it. It also offers enterprise-grade support so that you can have something equivalent to the Cisco enterprise-grade data center firewall product. You could build that with pfSense or OpenSense, which is a derivative of pfSense.

The initial benefit I saw of pfSense was way before I ever used it professionally. It is a robust tool that can replace your consumer-grade firewall router solution. I also saw immediate benefits in my professional career as it is a powerful solution that can be compared to other solutions like Palo Alto or Meraki today.

Netgate pfSense can be a fully functional L7 firewall. You can not only have the base Layer 3 functionality of the firewall, but you can add things like Snort and pfBlockerNG to build out and become an L7 firewall doing actual inspection and security analysis.

It is very easy to add and configure features to Netgate pfSense.

pfSense has a built-in auto-configuration backup. While that is technically data loss from the sense of protecting the firewall, it is a feature Netgate offers to every pfSense user, licensed or not. You get this feature if you have a Netgate appliance. Just using pfSense won't get you that. There are third-party packages you can use to set up pfSense configuration backups if you don't have pfSense Plus.

In terms of data loss outside of that, you configure it in a way that puts it as a security device. By default, pfSense is not inherently a security device. It is a Layer 3 filtering firewall. If you want it to be a security appliance beyond basic TCP/IP Layer 3 filtering, you can run Snort or pfBlockerNG to turn it into a security appliance. Doing so can aid in data loss prevention by using the tool for basic intrusion detection prevention.

Netgate pfSense provides a single-pane-of-glass management capability. Its dashboard has a lot of prebuilt functionality, allowing you to have a single-page view of the firewall's status and everything going on with it.

pfSense Plus provides features that help us minimize downtime as a supporting part of the infrastructure.

pfSense Plus provides visibility that enables us to make data-driven decisions. The kind of data-driven decisions that could be made with information from pfSense are things like how much bandwidth I am using and what is the throughput of all my band connectivity.

I can also decide whether I need to go from a 1 Gig network to a 10 Gig network or a 2.5 Gig network and whether I need to increase my commit for my WAN circuit because we see that we are averaging above 99%, etc. The kind of decisions that it can help you make are related to your network and your connectivity.

The visibility that pfSense Plus provides helps us to optimize performance. It could help you to improve performance on the network side. It is, after all, a firewall router, so it is a network piece of equipment. It could help improve performance in that if you are actively monitoring, pulling data from pfSense, or actively reviewing the different types of information and graphs that pfSense provides, you could make decisions to see that a machine is consistently using lots of network traffic.

I have been using Netgate pfSense for 15 years.

I have pfSense Plus in production. I have both pfSense Plus and pfSense Community Edition (CE) running at home. They are essentially the same, and the only difference between them is the support and auto-configuration backup.

Overall, I rate the solution a nine out of ten.

I use pfSense for my home network firewall. I also manage two Cloud platforms that use it. 

Netgate pfSense is flexible allowing for modifications to meet our needs.

With my strong security background and experience managing pfSense, adding and configuring new features is a breeze. While some might encounter challenges, my expertise allows me to navigate them with ease.

pfSense impressed me with its ease of deployment and low maintenance. It excels in protection and firewall functionality and offers a wide range of add-ins to further customize my network. After considering alternatives like OPNsense and Untangle, pfSense emerged as the perfect fit for my needs.

The single pane of glass provided by pfSense makes it easier to determine issues related to attacks and what is being blocked. I can see live logging of the firewalls and what rules apply to what.

pfSense does a good job helping prevent data loss using Snort which identifies and blocks suspicious traffic before it enters our network.

pfSense Plus offers a visibility feature that helps me optimize network performance. The dashboard displays clear traffic graphs and device load information, and I can customize it to show exactly what I need.

The total cost of ownership is extremely reasonable. pfSense is a good option, especially for people conscious of recurring expenses.

The most valuable features of pfSense are the high availability that easily allows failover to a backup unit and the Snort integration with pfSense and WireGuard.

Netgate pfSense can improve by adding a different OS layer other than FreeBSD.

I have been using Netgate pfSense for ten years. 

Netgate pfSense has been stable.

pfSense's scalability is highly dependent on the hardware you choose, but despite this, it offers a strong ability to handle increased network demands overall.

In addition to pfSense, I have used OPNsense, WatchGuard, and Cisco. The WatchGuard rules were more straightforward than pfSense. New pfSense users might find deciding between floating and interface rules for specific scenarios confusing.

The installation is easy for those who are comfortable with command-line interfaces. It is quick and straightforward but they have to be careful when assigning the internal or external net because that can be challenging for some.

One person is enough to deploy.   

Netgate pfSense is competitively priced. The 4100 box is a good box for the price.

I would rate Netgate pfSense nine out of ten.

Before deploying pfSense in your lab, I recommend checking the pfSense forums to learn about any potential issues or considerations other users have encountered.